Skip to main content
  1. News
  2. Politics
  3. Policy & Issues

Homeland Security advisory issued to Microsoft Internet Explorer users

See also

On Monday, the United States Department of Homeland Security issued an advisory to Americans about a serious security flaw affecting Microsoft's Internet Explorer browser, urging IE users to use another Web browser until the bug is fixed.

The U.S. Department of Homeland Security's Computer Emergency Readiness Team (CERT) said on Monday the vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.

In a similar alert, the United Kingdom National Computer Emergency Response Team issued an advisory to British computer users as well.

Reuters reports that the bug is the first high-profile computer threat to emerge since Microsoft stopped providing updates for Windows XP earlier in April. Therefore, computers running the 13-year-old operating system will remain unprotected, even after Microsoft releases updates to defend against it.

The malicious virus enters via corrupted Adobe Flash file to attack the victim's computer. IE users, according to cyber security experts can avoid it by turning off Adobe Flash.

Monday morning's CERT alert advises IE browser users to consider using an alternative browser until Microsoft issues a patch.

"US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available."

Cyber hackers insert a code into "everyday websites" visited by unsuspected victims, then infects their computers.

"It's called a watering hole attack because if you're a lion, you go to the watering hole because you know that's where the animals go to drink."

The bug was first announced on Saturday by FireEye Research Labs, where researchers say the hackers are calling their campaign "Operation Clandestine Fox."

On April 8, Microsoft ended support to both the Windows XP operating system and Office 2003 product lines. Subsequently, the products no longer receive security patches which help protect PCs from harmful viruses, spyware, and other malicious software.

US-CERT issues an Alert (TA14-069A) on March 10, 2014 that computer systems running the unsupported software would be exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.

The March 10th CERT Alert (TA14-069A) further stated:

"Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows XP or Office 2003."

Advertisement